[Oisf-users] suricata and 224.0.0.252
paul
paul at snoep.it
Mon Mar 25 18:35:00 UTC 2013
Hi,
New to this list, so I hope you can help out.
Suricata reports a prio 1 on my internal network, multicast from a single station to 224.0.0.252. According to Suricata, this is eMule traffic. According to Google, this is Link-Local Multicast Name Resolution.
It is a Windows 7 PC (the only one on that network); Suricata is version 1.1.1 (Ubuntu 12.04 LTS).
The reported payload indicates it is LLMNR. There is no trace of eMule on that PC.
Are there any other confirmations I can check to ensure it is LLMNR?
Thanks
Paul
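
One way to run the check asked about above, as an added example that is not part of the original message: parse the UDP payload from the alert as an LLMNR query and confirm the destination is the LLMNR group and port. The port number and header layout are taken from RFC 4795, not from the post; the function names and the sample payload are constructed for illustration.

```python
import struct

LLMNR_GROUP = "224.0.0.252"  # IPv4 multicast group from the alert (RFC 4795)
LLMNR_PORT = 5355            # UDP port assigned to LLMNR (RFC 4795, not in the post)

def parse_llmnr_query(payload: bytes):
    """Return (name, qtype) for a well-formed LLMNR query, else None."""
    if len(payload) < 12:
        return None
    _txid, flags, qd, an, ns, _ar = struct.unpack("!6H", payload[:12])
    qr, opcode, rcode = flags >> 15, (flags >> 11) & 0xF, flags & 0xF
    # A query has QR=0, opcode 0, RCODE 0, one question, no answers/authority.
    if qr or opcode or rcode or qd != 1 or an or ns:
        return None
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            return None              # name ran off the end of the packet
        n = payload[pos]
        pos += 1
        if n == 0:
            break                    # root label terminates the name
        if n > 63 or pos + n > len(payload):
            return None              # pointer/oversized label: not a plain query
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    if not labels or len(payload) - pos < 4:
        return None
    qtype, qclass = struct.unpack("!2H", payload[pos:pos + 4])
    if qclass != 1:                  # class IN
        return None
    return ".".join(labels), qtype

def looks_like_llmnr(dst_ip: str, dst_port: int, payload: bytes) -> bool:
    """True when destination and payload both match an LLMNR query."""
    return (dst_ip == LLMNR_GROUP and dst_port == LLMNR_PORT
            and parse_llmnr_query(payload) is not None)

# Constructed sample: an A-record query for the single-label name "wpad".
SAMPLE = (struct.pack("!6H", 0x1A2B, 0, 1, 0, 0, 0)
          + b"\x04wpad\x00" + struct.pack("!2H", 1, 1))

if __name__ == "__main__":
    print(parse_llmnr_query(SAMPLE))
    print(looks_like_llmnr("224.0.0.252", 5355, SAMPLE))
```

A payload that parses cleanly here and is addressed to UDP 5355 on the multicast group is consistent with LLMNR name lookups rather than file-sharing traffic.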